Enabling trusted commerce and protecting customers
We aim to increase transaction approvals so that businesses can thrive while customers are protected and satisfied—no matter where or how they pay or are paid.
At Visa, security is composed of three key areas:
- Credentials Security: the ability to secure transactions and limit financial losses for ecosystem participants.
- Operational Resiliency: the ability to maintain a network that is always on and helps participants identify risks, improve decision making and transact efficiently.
- Ecosystem Integrity: the ability to identify and stop or mitigate illegal activity.
The Visa Intelligent Security framework offers our ecosystem partners dynamic, data-rich solutions that help balance fraud reduction and dispute prevention. The Intelligent Security framework spans the entire transaction lifecycle:
- Account Onboarding and Management: Visa provides financial institutions with tools to identify identity fraud at account opening, and through our financial institution clients, Visa provides consumer tools to manage security, including restrictions on account use and customizing alerts.
- Consumer Identity and Authentication: We use artificial intelligence-powered authentication strategies to prevent unauthorized access to Visa accounts.
- Transaction Authorization: We use tools such as Visa Advanced Authorization, which applies real-time artificial intelligence and machine learning to evaluate the trustworthiness of transactions to prevent fraud without inconveniencing consumers.
- Dispute Management: We help consumers and issuers to proactively address transaction disputes through Visa tools such as Verifi, which provides issuers and customers access to transaction information from sellers via a global data-sharing network.
- Performance Optimization: An important piece of the Visa Intelligent Security strategy is our commitment to enhancing payment performance by reducing fraud and increasing efficiency.
Visa helped prevent an estimated $27 billion in fraud in 2022.
Recognizing that the cyber threat landscape continues to evolve, Visa is committed to championing cybersecurity within our operations. We use an established risk assessment methodology and framework to identify cybersecurity risks and associated business impacts.
At Visa, we build and use AI to detect and secure cyber threats. We approach cybersecurity with a layered defense-in-depth strategy. We further advance our capabilities based on our core areas of focus, including enhancing our architecture, expanding our data security program to include unstructured data, and conducting continuous security and efficacy efforts.
We leverage the following components to enact our cybersecurity strategy across the business:
- Policy and Training: Visa’s cybersecurity policy framework, the Key Controls, details our approach to protecting our information and technology assets, including the safe handling of consumer nonpublic personal information. We provide new employees with security awareness training and conduct annual Key Controls training for all staff, to promote good cyber-hygiene and familiarity with Visa processes and tools.
- Adaptive Resiliency: We regularly conduct cross-functional response and resiliency exercises involving multiple internal teams as well as external partners and agencies. We further evolved the Visa Cyber Fusion Framework to drive an active and adaptive global Cyber Defense capability. This capability allows us to meet the increasing threat landscape through the ability to rapidly collect, analyze and use cyber threat intelligence while providing continuous real-time validation of our security tools and assets.
- Audit and Third-Party Certifications: To promote the effectiveness of our cybersecurity approach and systems, we conduct multiple internal and external audits of our IT infrastructure and applications every year. These systems also are subject to examination by the Federal Banking Agencies and other regulators from across the globe. Examples of external reviews include: Payment Card Industry Data Security Standard, Statement on Standards for Attestation Engagements (SSAE-18) and International Standard on Assurance Engagements 3402.
Our cybersecurity approach is supported by robust governance processes that involve regular reporting to management- and Board-level committees responsible for risk management and cybersecurity oversight. We provide regular updates to the full Board, including an annual in-depth review.
Over the past several years, Gartner Consulting assessed Visa’s security posture and assigned Visa its highest rating among peer companies for the overall maturity of our cybersecurity program.
Building trust begins with a commitment to privacy and security, which instills confidence in our employees and clients, protects our brand and allows us to innovate responsibly. We also recognize that data is a powerful tool that can fuel innovation, improve customer experiences, safeguard consumers from fraud and deliver new value to consumers.
Our focus is simple: to use the data entrusted to us in a responsible manner to benefit consumers and help businesses and economies grow. We embed these and other practices through a robust privacy program that allows us to measure and monitor organizational practices. We strive to be transparent about our data practices. To learn more about how Visa collects, uses and shares Personal Information, as well as the privacy choices we offer, please refer to our Visa Global Privacy Notice.
Visa’s Global Privacy Office, composed of dozens of privacy professionals around the world, is led by Visa’s Chief Privacy Officer and closely coordinates with several cross-functional teams and governance bodies, including the Cybersecurity team and Global Data Office.
The Corporate Risk Committee and the Visa Inc. Audit and Risk Committee oversee the Global Privacy Program and the risks related to data privacy, including our compliance with current and emerging data protection laws around the world.
Responsible data use
When it comes to data at Visa, our focus is simple: to use the data entrusted to us to enable individuals, businesses and economies to thrive. Visa relies on data to improve the security and value of the Visa network, better serve our clients and partners, protect consumers from fraud and drive positive impact for communities and economies around the globe.
We recognize consumers are concerned about how their data is collected, used, shared and kept secure.
At Visa, we have adopted policies and practices designed to embed accountability for data practices throughout the organization and enable responsible execution through the expertise of dedicated security, privacy and data professionals working around the world on these topics.
Spotlight: Visa’s data values
Security: Individuals and businesses should have confidence that Visa payment data is safe. There is no higher priority for Visa than safeguarding those who use our products, services and network.
Control: Visa will always strive to provide simple explanations regarding how data may be used and to empower individuals with easy processes to manage use of their data.
Value: Data use at Visa should benefit individuals, businesses and economies. We strive to do this by delivering greater security, financial inclusion and consumer convenience.
Fairness: Visa’s application of data and data-driven insights aims to be fair, inclusive and avoid discrimination. Visa will strive to make our models explainable, accurate and safe.
Accountability: Visa’s approach to data use should be consistently applied at all levels of the organization and be embedded through process, training, and management responsibilities.
The application of these principles may evolve over time, adapting to new privacy and data-related regulations and standards that may emerge, based on the needs of consumers, businesses and economies. As Visa’s business moves into new technologies, payment flows and value added services, we are committed to engaging with policymakers and regulators worldwide to participate in the development and harmonization of data focused laws, regulations and standards.
Visa connects the world through the most innovative, reliable and secure payments network—enabling individuals, businesses and economies to thrive. Visa is committed to maintaining the integrity of our payment system. We do not tolerate the use of our network and products for illegal activity, and we are vigilant in our efforts to deter illegal activity on our network.
The Visa Integrity Risk Program establishes a set of ecosystem controls, requirements and capabilities that seek to deter, detect and remediate noncompliant transactions across our network. This framework helps network participants that support merchants in legal businesses that are at higher risk for illicit activity maintain proper controls and oversight processes to identify and deter unlawful transactions from entering the Visa payment system.
As part of the Program, Visa:
- Maintains registration requirements for acquirers and merchants, pursuant to which acquirers attest to their merchants’ compliance with our standards.
- Provides acquirers guidance and direction on controls to help comply with Visa’s rules.
- Proactively monitors participant transaction activity via machine- learning solutions.
- Works with acquirers to identify and terminate merchants that are selling illegal items and services.
- Engages with law enforcement to stay abreast of ecosystem risks.
- Supports industry and cross-industry organizations and initiatives such as the Financial Coalition Against Child Sexual Exploitation, a joint initiative of the International Centre for Missing & Exploited Children and the National Center for Missing & Exploited Children, and the Internet Watch Foundation.
- Combats counterfeiting and piracy in partnership with the International Anti-Counterfeiting Coalition.